RESOLVED FIXED 158368
Eager FTL failure for strict comparison of NaN with number check 
https://bugs.webkit.org/show_bug.cgi?id=158368
Summary Eager FTL failure for strict comparison of NaN with number check
Joseph Pecoraro
Reported 2016-06-03 16:12:00 PDT
Created attachment 280480 [details] [TEST] JS Reduction * SUMMARY Eager FTL failure for strict comparison of NaN with number check * TEST function isNaNOnDouble(value) { return (+value) !== value; } noInline(isNaNOnDouble); function testIsNaNOnDoubles() { var value = isNaNOnDouble(-0); if (value) throw "isNaNOnDouble(-0) = " + value; var value = isNaNOnDouble(NaN); if (!value) throw "isNaNOnDouble(NaN) = " + value; var value = isNaNOnDouble(Number.POSITIVE_INFINITY); if (value) throw "isNaNOnDouble(Number.POSITIVE_INFINITY) = " + value; } noInline(testIsNaNOnDoubles); for (var i = 0; i < 1e6; ++i) { testIsNaNOnDoubles(); } * STEPS TO REPRODUCE 1. $ DYLD_FRAMEWORK_PATH=$build/Release $build/Release/jsc --useFTLJIT=true --useConcurrentJIT=false --thresholdForJITAfterWarmUp=100 --thresholdForJITAfterWarmUp=10 --thresholdForJITSoon=10 --thresholdForOptimizeAfterWarmUp=20 --thresholdForOptimizeAfterLongWarmUp=20 --thresholdForOptimizeSoon=20 --thresholdForFTLOptimizeAfterWarmUp=20 --thresholdForFTLOptimizeSoon=20 number-compare-strict.js Exception: isNaNOnDouble(NaN) = false * NOTES - The issue only reproduces if --useConcurrentJIT=false
Attachments
[TEST] JS Reduction (553 bytes, application/x-javascript)
2016-06-03 16:12 PDT, Joseph Pecoraro 		no flags
Details
Patch (4.09 KB, patch)
2016-06-03 18:55 PDT, Benjamin Poulain 		no flags
DetailsFormatted DiffDiff
View All Add attachment proposed patch, testcase, etc.
Benjamin Poulain
Comment 1 2016-06-03 17:44:08 PDT
I'll take it. Scary stuff.
Radar WebKit Bug Importer
Comment 2 2016-06-03 17:45:26 PDT
<rdar://problem/26634629>
Benjamin Poulain
Comment 3 2016-06-03 18:55:11 PDT
Created attachment 280501 [details] Patch
WebKit Commit Bot
Comment 4 2016-06-03 20:27:35 PDT
Comment on attachment 280501 [details] Patch Clearing flags on attachment: 280501 Committed r201678: <http://trac.webkit.org/changeset/201678>
WebKit Commit Bot
Comment 5 2016-06-03 20:27:42 PDT
All reviewed patches have been landed. Closing bug.
Note You need to log in before you can comment on or make changes to this bug.